runecast user guide - controlup
TRANSCRIPT
![Page 1: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/1.jpg)
![Page 2: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/2.jpg)
2 | P a g e
ControlUp Analyzer User Guide September 2019
ControlUp Analyzer User Guide
September 2019
Copyright © 2014-2019 ControlUp, Inc. All rights reserved.
![Page 3: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/3.jpg)
3 | P a g e
ControlUp Analyzer User Guide September 2019
Contents 1 Installation and Setup.............................................................................................................................. 5
1.1 System Requirements ............................................................................................................................ 5
1.2 Deployment........................................................................................................................................... 9
1.3 Initial Configuration ............................................................................................................................... 9
1.3.1 Connect to a System and Analyze ................................................................................................... 9
1.3.2 Licensing ControlUp Analyzer ....................................................................................................... 15
1.3.3 Configure Log Collection ............................................................................................................... 17
2 Working with ControlUp Analyzer ......................................................................................................... 21
2.1 What is an Issue? ................................................................................................................................. 21
2.2 What is an Object? .............................................................................................................................. 22
2.3 Context ............................................................................................................................................... 22
2.4 MAIN MENU ........................................................................................................................................ 22
2.4.1 Dashboard .................................................................................................................................... 23
2.4.2 Inventory View ............................................................................................................................. 25
2.4.3 All Issues View .............................................................................................................................. 26
2.5 CONFIGURATION ANALYSIS ................................................................................................................. 29
2.5.1 Config KBs Discovered .................................................................................................................. 29
2.5.2 Best Practices ............................................................................................................................... 29
2.5.3 Security Hardening ....................................................................................................................... 29
2.5.4 HW Compatibility ......................................................................................................................... 32
2.6 LOG ANALYSIS ..................................................................................................................................... 38
2.6.1 Log KBs Discovered ....................................................................................................................... 38
2.6.2 Log Inspector ................................................................................................................................ 38
2.7 Definition Database ............................................................................................................................. 38
2.8 Settings Page ....................................................................................................................................... 38
2.8.1 Connections.................................................................................................................................. 39
![Page 4: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/4.jpg)
4 | P a g e
ControlUp Analyzer User Guide September 2019
2.8.2 Automatic Scheduler .................................................................................................................... 39
2.8.3 Alerting ........................................................................................................................................ 39
2.8.4 Log Analysis .................................................................................................................................. 39
2.8.5 Security Compliance ..................................................................................................................... 39
2.8.6 User Profile ................................................................................................................................... 39
2.8.7 Filters ........................................................................................................................................... 40
2.8.8 Licenses ........................................................................................................................................ 41
2.8.9 Update ......................................................................................................................................... 41
2.8.10 API Access tokens ....................................................................................................................... 42
2.9 Tool Tips .............................................................................................................................................. 42
2.10 About ControlUp Analyzer ................................................................................................................. 43
3 ControlUp Analyzer Console Interface ................................................................................................... 44
4 Advanced Configuration ........................................................................................................................ 45
4.1 How to change the rcadmin password ................................................................................................. 45
4.2 How to replace the self-signed SSL certificate ...................................................................................... 45
4.3 How to Use with Proxy Server.............................................................................................................. 46
4.4 How to disable the session timeout for the web interface of ControlUp Analyzer ................................ 47
4.5 How to change vCenter heartbeat period configuration of ControlUp Analyzer ................................... 48
4.6 How to change ControlUp Analyzer network configuration .................................................................. 48
4.7 How to change address of Knowledge updates via config file ............................................................... 49
4.8 How to enforce support of TLSv1.2 protocol ........................................................................................ 50
4.9 How to configure remote audit logging ................................................................................................ 50
5 ControlUp Analyzer vSphere Web Client Plug-in .................................................................................... 51
5.1 Registering the plug-in with vCenter server ......................................................................................... 51
5.2 Plug-in Configuration ........................................................................................................................... 51
5.3 Working with the ControlUp Analyzer plug-in ...................................................................................... 51
5.4 Unregistering the extension from vCenter Server and cleaning up its files ........................................... 52
![Page 5: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/5.jpg)
5 | P a g e
ControlUp Analyzer User Guide September 2019
1 Installation and Setup
1.1 System Requirements The following section details the capacity and configuration requirements for deployment of the pre-
packaged ControlUp Analyzer appliance:
➢ VMware vSphere infrastructure should already be deployed. ESX/ESXi hosts must be v5.x and above, and these must be managed by vCenter v5.x or v6.x.
➢ NSX-V is supported by connecting to an NSX Manager when paired with a vCenter instance. ControlUp Analyzer supports NSX Manager v6.2 and above.
➢ VMware Horizon is supported by connecting to a Connection Server. For Connection Servers that are part of a single replication group, it is required to establish the connection to only one Connection Server which belong to the group. Also, if there is a Load Balancer configured with session persistence, it can be used to connect to a Connection Server in a replication group. ControlUp Analyzer supports Horizon v6.x and above.
➢ HW Compatibility checks are performed on ESXi v6.0 and above. ➢ The ControlUp Analyzer appliance is normally deployed into an existing vSphere infrastructure.
Appropriate resource allocation for the appliance is selected during the deployment process. The standard sizing options are small/medium/large with resources allocated as follows: ● Small (use this configuration for small environments: up to 25 Hosts)
▪ 2 vCPU ▪ 4 GB RAM ▪ 120GB Storage ▪ 100Mbit network (1GBit or above recommended)
● Medium (use this configuration for medium deployments: up to 150 Hosts) ▪ 4 vCPU ▪ 8 GB RAM ▪ 120GB Storage ▪ 100Mbit network (1GBit or above recommended)
● Large (use this configuration for large deployments: up to 400 Hosts) ▪ 8 vCPU ▪ 32 GB RAM ▪ 120GB Storage ▪ 100Mbit network (1GBit or above recommended)
➢ A user with the following privilege at vCenter level is needed:
Minimum required:
• Read Only
[Note] The minimum required permission for the Analyzer to perform scanning is Read Only. However, in this case collection will not be fully comprehensive and it will not be possible to report issues related to some areas of the configuration (such as device-specific info from ESXi hosts (driver, firmware)). In order to provide a fully comprehensive analysis, the additional privileges provided below will ensure that
sufficient information is collected for 100% of the checks performed by ControlUp Analyzer:
![Page 6: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/6.jpg)
6 | P a g e
ControlUp Analyzer User Guide September 2019
Required for CIM collection:
• Host > CIM > CIM interaction
Required for VSAN configuration collection:
• Global > Settings
Required for files collection:
• Host > Configuration > Firmware
Required for Kernel modules collection:
• Host > Configuration > Change settings
Required for auto ESXi syslog configuration:
• Host > Configuration > Advanced settings
• Host > Configuration > Change settings
• Host > Configuration > Security profile and firewall
Required for auto VM syslog configuration:
• Virtual Machine > Configuration > Advanced
Required for auto Web Client registration:
• Extension > Register extension
• Extension > Update extension
Required for HW Compatibility:
• Host > Configuration > Change settings
• Global > Settings
➢ For connection to NSX-V a user with the following privileges in NSX Manager is needed: Minimum requirement:
• Auditor
Recommended:
• Security administrator – required to leverage the NSX Custom Dashboard Widget for ControlUp.
[Note] Due to constraints in NSX Manager prior to v6.3.3 ControlUp Analyzer is unable to automatically validate that an NSX Manager is registered to a specific vCenter. You'll be asked to provide confirmation during the connection process.
![Page 7: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/7.jpg)
7 | P a g e
ControlUp Analyzer User Guide September 2019
Authentication source:
• Local - local CLI user can be created following the below procedure: 1. Open console session to NSX Manager and log in with the Administrator account 2. Switch to Privilege mode using the “enable” command 3. Switch to Configuration mode using the “configure terminal” command 4. Add a CLI user account using the “user <username> password (hash | plaintext) <password>” command Example: user cliuser password plaintext abcd1234 5. Save the configuration with “write memory” command 6. Allow the created CLI user to run the REST API calls using the “user <username> privilege web-interface” command 7. Issue POST request to “https://<NSX-IP>/api/2.0/services/usermgmt/role/<username>?isCli=true” endpoint with user having administrator privileges to assign a role to the newly created CLI user. Example of the body content assigning “auditor” privilege: <accessControlEntry> <role>auditor</role> <resource> <resourceId>globalroot-0</resourceId> </resource> </accessControlEntry> 8. Now you'll be able to use the new CLI user for connection to NSX Manager
• Domain - domain users are supported on NSX-v 6.4 and later
➢ For connection to a Connection Server a user with the following privileges in Horizon is needed: Recommended:
• Administrators (Read only).
➢ Required ports:
Source Destination Protocol Port Description Comment
RCA vCenter TCP 443 Collection of data using
vSphere SDK (vCenter, ESXi,
VMs configuration settings)
required for core
product functionality
RCA ESXi TCP 443 Collection of data from ESXi
servers (file-level
configuration settings)
needed for file-level
checks
RCA ESXi TCP 5988,
5989
CIM data collection from
ESXi servers
needed for CIM data
(will be replaced by
![Page 8: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/8.jpg)
8 | P a g e
ControlUp Analyzer User Guide September 2019
beginning of 2019-Q1)
RCA NSX Manager TCP 443 Collection of data using
NSX-v REST API (NSX
configuration settings)
required for core
product functionality (in
case NSX-v functionality
is required)
RCA Horizon TCP 443 Collection of data using
Horizon API (Horizon
configuration settings)
required for core
product functionality (in
case Horizon
functionality is required)
ESXi RCA UDP 514 Syslog data collection needed for log analysis
RCA updates.runecast.com TCP 443 Application and rules
definition updates
needed for online
updates only
User
browser
RCA TCP 80,
443,
31415
RCA web interface HTTP always redirects to
HTTPS
vSphere
Web
Client
RCA TCP 443 Web client plugin
communication to RCA
needed for displaying
results in WebClient
REST API
client
RCA TCP 443 ControlUp Analyzer API
clients communication
needed for REST API
SPOG RCA TCP 443 Single pane of Glass to RCA
communication
needed for displaying
results from multiple
analyzers
User
browser
SPOG TCP 443 Single pane of glass web
interface
user access to SPOG
RCA LDAP TCP 389 RCA communication to AD needed for connection
to a DC on a regular
LDAP port
RCA LDAP SSL TCP 636 RCA communication to AD needed for connection
to a DC on a protected
LDAPS port
RCA DNS TCP 53 RCA communication to DNS required for core
product functionality
➢ Internet Connectivity: ControlUp Analyzer is packaged as a virtual appliance in OVA format that is deployed into your
![Page 9: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/9.jpg)
9 | P a g e
ControlUp Analyzer User Guide September 2019
virtual infrastructure. All data and logic necessary for full operation is contained in the appliance. No data is transmitted from the ControlUp Analyzer outside of your data center. Optionally, the ControlUp Analyzer can be connected to the Internet to download zero-touch updates for knowledge definitions and application updates. A fully off-line update mechanism is provided using files (.ISO and .bin). You can download the offline update iso file here: https://updates.runecast.com/runecast-analyzer-vmware/rcupdate.iso. You can download the knowledge definitions update here: https://updates.runecast.com/definitions/kbupdates.bin.
➢ Supported browsers to access the ControlUp Analyzer Web Interface: Chrome v68.0.3440.106 and
newer, Firefox v50.0.2 and newer, MS Edge v38.14393.0.0 and newer.
1.2 Deployment 1. Download the ControlUp Analyzer OVA file and deploy from your download location. You can
download the file from https://updates.runecast.com/RunecastAnalyzer/ControlUpAnalyzer.ova
2. Accept the license agreement.
3. Select the VM name and folder, select the destination host, datastore and network on your
environment.
4. In Customize template, configure the network configuration for the ControlUp Analyzer appliance.
5. Review the settings and click Finish.
6. Power on the appliance. After the boot process has finished, you should see the appliance console
displaying the URL to the application and how to access the ControlUp Console Interface.
7. If you need to change the settings of the appliance itself (network configuration, update settings),
you can login to the Console Interface of the ControlUp Analyzer appliance (default user: rcadmin /
password: admin)
1.3 Initial Configuration This section describes the initial configuration steps for the ControlUp Analyzer appliance including
connections to the vSphere environment and NSX Manager (if available) or Horizon Connection Server. It
includes adding settings for vCenter, NSX Manager, Horizon Connection Server, Web Client Plug-in, licensing,
log forwarding, and performing an initial analysis.
1.3.1 Connect to a System and Analyze 1. From a browser, navigate to the ControlUp Analyzer Web Interface url: https://applianceIP and login
with default credentials:
user: rcuser
password: ControlUp!
2. During the first login no vCenter connections will exist so you will be prompted to configure a
![Page 10: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/10.jpg)
10 | P a g e
ControlUp Analyzer User Guide September 2019
connection to your vCenter server. Enter the vCenter connection info (see System requirements
section above for required privileges) and Continue to the next step.
3. Confirmation of successful connection is displayed. You now have the option to configure
automatically scheduled scans. We encourage you to schedule them to benefit from continuous
reporting. From this screen you are able to trigger the first analysis using the Start analysis button.
4. Optionally, you can help to improve ControlUp Analyzer by sending limited anonymous usage data.
The telemetry data contains the following information:
• Version of ControlUp Analyzer.
![Page 11: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/11.jpg)
11 | P a g e
ControlUp Analyzer User Guide September 2019
• Number of Systems (NOT their IP or name).
• Issues discovered and their severity (NOT the objects affected).
• % of best practice adoption and security compliance (NOT the objects affected).
• Preferences in settings like activation of DISA STIG, PCI DSS, HIPAA, Automatic Scheduler and
the total number of CPUs (NOT the objects affected).
• User actions like display dashboard, display settings, add System, remove System and start
the analysis (NOT the objects affected).
• Hardware details like manufacturer, description, disks, bios/firmware/driver versions (NOT
their IP or hostname).
• Browser used and version.
[Note] You always have the option to change your preference from the User profile tab under Settings. Once a license has been applied, the data collection will turn off automatically. If you would like to continue sending information to improve ControlUp Analyzer, you can turn it on from User profile under Settings.
5. To connect additional vCenter servers navigate to Settings and select Connections tab. Click Add
vCenter button and follow these steps:
• Enter the vCenter connection information and click Continue to the next step.
• Validate the successful connection to vCenter. During validation an attempt to
automatically detect NSX will be in process. If no NSX Manager is detected, this step will be
skipped. If a NSX manager is detected then the connection settings will be shown. Enter the
username and password of an account with at least auditor permissions to add NSX to
![Page 12: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/12.jpg)
12 | P a g e
ControlUp Analyzer User Guide September 2019
ControlUp Analyzer and benefit from the same functionality ControlUp Analyzer offers for
vSphere. If you skip setting up the NSX connection at this point it can be established later.
• Click Continue to proceed to the last step.
• The last step will summarize the actions to be performed by ControlUp Analyzer after
clicking the Finish button.
Once you have added one or more vCenters (and optionally, NSX Managers) an overview of all
connections will be presented including the status of NSX and also the Web Client Plug-in installation
![Page 13: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/13.jpg)
13 | P a g e
ControlUp Analyzer User Guide September 2019
status:
• The NSX column will display one of these states:
- Not present: if no NSX was found to be connected to vCenter server.
- Discovered: if NSX was discovered but it was not added to ControlUp Analyzer.
- If NSX has been added it will be marked with the symbol .
• The Web client plugin column will display one of the states:
- Not installed
- Installed
Additional operations for Web Client Plug-in can be triggered from the Actions button. For
more detail about the plug-in please read the section Registering the Plug-in with vCenter
server.
Both vCenter and NSX can be reconfigured by using the button, made available on hover.
Multiple actions can be performed from the dropdown Actions button located on the right side.
6. To connect to Horizon Connection Server (or Load Balancer) click Add Horizon button and follow
these steps:
• Provide the Horizon information and click Continue to the next step.
![Page 14: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/14.jpg)
14 | P a g e
ControlUp Analyzer User Guide September 2019
• Under the Related vCenters tab of the Horizon connection are listed all vCenter Servers
which are configured for the particular Horizon environment. For complete and more
relevant results it is recommended to add all Horizon vCenter Servers to ControlUp Analyzer.
The vCenters marked with a checkbox are already connected to ControlUp Analyzer. The
ones which are missing have an Add vCenter link that will open the interactive dialog to add
the vCenter to ControlUp Analyzer.
![Page 15: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/15.jpg)
15 | P a g e
ControlUp Analyzer User Guide September 2019
[Note] It is not possible to compare the vCenter Servers UUID prior to Horizon v7.4. If you're using Horizon v7.4 or older, please ensure you add the vCenter Servers in ControlUp Analyzer with the same name as added in Horizon.
7. Click the Analyze Now button on the top navigation bar to perform an initial analysis.
8. If only one System is configured it will be scanned. If multiple Systems (vCenters or Horizon
Connection Servers) are connected you can choose which Systems to analyze (you can select them all
or choose specific ones).
9. After the analysis process has completed (the time taken can vary depending on number of Systems
selected to be scanned and the size of environments) you can navigate to the dashboard and various
views to see the results.
1.3.2 Licensing ControlUp Analyzer ControlUp Analyzer is licensed based on the number of CPU sockets in your environment. It comes with a 14
day evaluation period without needing to add a license. During the trial evaluation period full functionality is
provided in the application, although detail is not provided for all issues. In order to add and assign a valid
license to your hosts, follow the steps below.
1. Click the Settings icon located on the right side of the top navigation bar.
![Page 16: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/16.jpg)
16 | P a g e
ControlUp Analyzer User Guide September 2019
2. Click the Licenses tab.
3. Click Add License to start the two step wizard for adding and assigning a license.
4. In Step 1 of the wizard, select a valid license file you obtained from ControlUp and write a license
description. Click Add License.
[Note] This action will add the license to your ControlUp Analyzer appliance but will not assign it to any
specific hosts. Proceed to the next step.
5. In Step 2 of the wizard, you can select specific hosts to license. Select the hosts from the Unlicensed
hosts column and click on > to move them under Licensed hosts on the right-hand side. If the hosts
have already been licensed, they will not appear under Unlicensed hosts. Click Assign License once
you are done.
![Page 17: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/17.jpg)
17 | P a g e
ControlUp Analyzer User Guide September 2019
The license you specified at Step 1 of the wizard was added to your ControlUp Analyzer appliance and it was
assigned to the host you specified in Step 2. Once added, the license appears in the licenses list:
Click Manage to change the license assignment or description. You can click Remove to remove the license
from the list and disassociate it from hosts.
1.3.3 Configure Log Collection ControlUp offers real-time analysis of logs received from the vSphere hosts and VMs. Your hosts may already
be forwarding their logs to a standard syslog collector. ControlUp Analyzer can be configured as an additional
syslog destination; logs will continue to be sent to your other syslog server(s) and you do not need to delete
any current syslog server addresses. ControlUp will retain only the relevant log entries that may indicate a
potential issue.
Configure log settings for all ESXi hosts and VMs in order to maximize the data being analyzed for issues.
[Note] The log configuration can be carried out at any time. ControlUp Analyzer will start analyzing the logs
immediately after they are forwarded to the appliance. If you would like to setup log collection later, you can
skip this step.
1.3.3.1 ESXi Log Forwarding – Automatic Setup 1. Ensure that the vCenter user you have configured has the following privileges:
• Host > Configuration > Advanced settings
• Host > Configuration > Network configuration
2. Click the Settings icon located on the right-hand side of the top navigation bar and select the Log
Analysis tab.
![Page 18: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/18.jpg)
18 | P a g e
ControlUp Analyzer User Guide September 2019
3. Click the Edit button to configure log retention. This can be set according to the number of days
retained and maximum size of logs retained on disk.
4. Observe the list of vCenters connected to ControlUp Analyzer appliance. Clicking on each one will
expand the list of hosts belonging to the selected vCenter and will display whether they are
configured to send their logs to the ControlUp Analyzer appliance (either a green checkmark or a red
cross).
5. Click the wrench icon located on the right-hand side of the Host syslog settings section.
6. Select the hosts that are not configured and click Configure. Confirm the changes by clicking OK.
[Note] Some checkboxes may appear in grey – this means they are not selectable due to insufficient
privileges for the vCenter user configured. Refer to Step 1 for more information.
7. The Reload button is used for fetching the syslog settings from all connected vCenters. To fetch a
specific vCenter server use the 🔄 icon located to the right-hand side of the selected vCenter.
1.3.3.2 ESXi Log Forwarding – PowerCLI Script Setup Alternatively, you can use a PowerCLI script to configure ESXi logging:
1. Click the help ring icon located to the right-hand side of the Host syslog settings section in the Log
Analysis tab.
2. Expand the section and click to download the PowerCLI script.
3. You can review the script before execution and make changes if needed.
4. Execute the script using PowerCLI.
1.3.3.3 ESXi Log Forwarding – Manual Setup If you prefer to configure the ESXi syslog settings manually then follow the steps provided in this section. For
each ESXi host in you environment, perform the following:
Navigate to the Syslog.global.logHost setting:
1. (Web Client) select the ESXi host > Manage > Settings > Advanced System Settings
2. (vSphere Client) select the ESXi host > Configuration > Advanced Settings > Syslog
3. Add udp://applianceIP:514 to the value of Syslog.global.logHost (if you already have another remote
syslog configured, append the value and separate it with a comma). Click OK.
4. Navigate to Security profile > Firewall > Properties.
5. Make sure that syslog is enabled. Click OK.
[Note] You can read more about enabling remote syslog in the VMware KB article 2003322.
1.3.3.4 Enable VM Log Forwarding to Syslog – Automatic Setup VM log forwarding is only effective if you have configured ESXi log forwarding (see above).
![Page 19: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/19.jpg)
19 | P a g e
ControlUp Analyzer User Guide September 2019
By default, a VM will log to files located in the VM directory. In order to forward the VM logs to syslog
automatically, follow these steps:
1. Ensure that the vCenter user you have configured has the following privileges:
• Virtual Machine > Configuration > Advanced
2. Click the Settings icon located on the right side of the top navigation bar and select the Log Analysis
tab.
3. Observe the list of vCenters connected to the ControlUp Analyzer appliance. Clicking on each one will
expand the list of VMs belonging to the selected vCenter and whether they are configured to send
their logs to the ControlUp Analyzer appliance (either a green checkmark or a red cross).
4. Click the wrench icon located on the right-hand side of the VM log settings section.
5. Select the VMs that are not configured and click Configure.
6. Perform either a vMotion or Power Cycle for each VM. This ensures that the configuration is applied
and thereafter logs will be sent from the VM.
[Note] Some checkboxes may appear in a grey color – this means that they are not selectable due to
insufficient privileges for vCenter user you have configured. Refer to Step 1 for more information.
1.3.3.5 VM Log Forwarding – PowerCLI Script Setup Alternatively, you can use a PowerCLI script to configure VM logging:
1. Click the help ring icon located on the right side-hand of the VM log settings section of the Log
Analysis tab.
2. Expand the Scripted section and download the PowerCLI script.
3. You can review the script before execution and make any changes if needed.
4. Execute the script using PowerCLI.
5. Perform either a vMotion or Power Cycle for each VM. This ensures that the configuration is applied
and thereafter logs will be sent from the VM.
1.3.3.6 Enable VM Log Forwarding to Syslog - Manual If you prefer to configure the VM log settings manually then follow the steps in this section. VM log
forwarding will only be effective if you have previously configured ESXi log forwarding.
By default, a VM will log to files located in the VM directory. In order to forward the VM logs to syslog, follow
these steps for each VM:
1. Power off/Shutdown the VM.
2. In the VM Hardware panel, click Edit Settings > VM Options.
3. Click the Advanced triangle to expand the advanced virtual machine options.
![Page 20: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/20.jpg)
20 | P a g e
ControlUp Analyzer User Guide September 2019
4. Select Enable logging.
5. Click Configuration parameters.
6. Click Add Row.
7. In name column insert: vmx.log.destination, In value column insert: syslog-and-disk
8. Click Add Row.
9. In name column insert: vmx.log.syslogID
10. In value column insert the specific VM name. Click OK twice.
![Page 21: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/21.jpg)
21 | P a g e
ControlUp Analyzer User Guide September 2019
2 Working with ControlUp Analyzer
2.1 What is an Issue? In ControlUp Analyzer, an Issue represents a discovered problematic combination of infrastructure values
such as configuration settings, log patterns, software and hardware type and versions, etc. The discovered
combination of values is considered problematic based on information from various sources including
VMware Knowledge Base articles, official VMware Security Hardening Guide and industry Best Practices.
An issue in ControlUp Analyzer has several fields:
• Severity: This grades the estimated importance of the issue based on its general impact and
importance. Depending on the specifics of your environment, it is possible that certain issues may
have a different importance than the suggested severity.
• AppliesTo: The virtual infrastructure layer the issue affects – Compute, Network, Storage, VM,
Management.
• Affects: The infrastructure quality the issue affects – Availability, Manageability, Performance,
Recoverability, Security.
• Products: Supported products by ControlUp Analyzer (vSphere, NSX-V, vSAN, Horizon)
• Objects: The number of objects (e.g. VMs, Hosts, Datastores) affected by this issue.
• Title: A short description of the issue.
• Count: This field is applicable only to log related KBs. The number of problematic log pattern
occurrences within the specified period of time.
• Last seen date: This field is applicable only to log related KBs. The last date and time when the
problematic log pattern was detected.
• Result: This field is applicable only to Security hardening section. Presents the status of security rule
based on the findings results: Pass or Fail.
• Vulnerability id: This field is applicable only to DISA STIG. The identification id set by Information
Assurance Support Environment on their rules list.
• Control id: This field is applicable only to PCI DSS. The identification id set by Payment Card Industry
Security Standards Council on their documentation list.
• Milestone: This field is applicable only to PCI DSS. Milestones are defined in the PCI DSS standard
to enable you to use the “Prioritized Approach” to prioritize higher risk issues.
• Rule ID: This field is applicable only to HIPAA. The identification id set by Health Insurance Portability
and Accountability Act on their documentation list.
![Page 22: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/22.jpg)
22 | P a g e
ControlUp Analyzer User Guide September 2019
Once you expand an issue in the ControlUp Analyzer interface, you can view additional fields:
• Source: The source describing the issue – Knowledge Base, Security Hardening Guide, Best Practice.
• Reference: A link to online resources further describing the issue.
• Date of last update: The date when the issue definition was last updated in the ControlUp Analyzer
database.
• Impact: The relative potential impact of the issue – 1 is low and 3 is high.
• Importance: The importance of this issue – 1 is low and 3 is high. The issue importance depends on
the infrastructure quality it relates to (Availability, Manageability, Performance, Recoverability,
Security) and the infrastructure layer it impacts (Compute, Storage, Network, VM, Management). For
example, if the issue is Security- or Availability-related and applies to the Compute layer then the
Importance will be higher. If the issue impacts Manageability of individual VMs then the Importance
will be lower.
• Risk rating: The sum of Impact and Importance.
• Findings: This is an important tab that shows the list of affected objects (e.g. VMs, Hosts,
Datastores). For each object, the settings that were found to be problematic or the log messages
that need to be reviewed are displayed. Click on an object from the affected objects list on the left to
see the list of findings listed on the right. The findings list displays the description and current value
of each finding that needs to be reviewed. In case of log-related KBs, you can see the exact log
messages associated with the described issue.
• Note: Here you can add a note to any Knowledge Base article, Best Practice or Security Hardening
check. The notes are not linked to the actual check (not to a detected issue) – so even if you have a
Security Hardening check which is with Pass status, you can still add a note to it.
• Ignore: You will be able to filter out the current KB/SH/BP against infrastructure objects based on
your selection.
2.2 What is an Object? An Object, also referred to as configuration item is an inventory object from the virtual infrastructure.
Objects can be vCenter, hosts, VMs, datastores, virtual switches, resource pools, farms, security servers etc.
2.3 Context Gives the possibility to select a single System (vCenter Server or Horizon Connection Server) or all. Depending
on the selection made the rest of the interface will show the appropriate information on MAIN MENU and
CONFIGURATION ANALYSIS. This is not applicable to LOG ANALYSIS which is general for all Systems.
2.4 MAIN MENU Contains three subsections presenting an overview of the environment, issues discovered and history trend.
![Page 23: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/23.jpg)
23 | P a g e
ControlUp Analyzer User Guide September 2019
2.4.1 Dashboard The ControlUp Analyzer dashboard is the central page that provides a summary of your virtual environment
and detected issues. Navigate to the ControlUp Analyzer Web Interface url: https://applianceIP and login
with valid credentials. By default, the local user credentials are:
User: rcuser
Password: ControlUp!
If you have configured ControlUp Analyzer to use Active Directory then you can use an Active Directory
account. Make sure to specify the username in one of the following formats:
▪ username
Based on number of Systems configured (one or multiple), and the selection done on the CONTEXT, the
Dashboard will provide slightly different views:
Components displayed when only one System (vCenter Server) is connected:
● Analyze now button
● Configuration Issues by Severity
● Configuration Issues by Layer
● Log Issues
● KBs Applicable
● Security Compliance
● Best Practice Adoption
● Issues History
● Hosts with Most Issues
● Analysis Detail
Components displayed when only one System (Horizon Connection Server) is connected:
● Analyze now button
● Configuration Issues by Severity
● KBs Applicable
● Best Practice Adoption
● Issues History
● Analysis Detail
Components displayed when multiple Systems are connected (All Systems):
● Analyze now button
● Configuration Issues by Severity
● Configuration Issues by Layer
● Log Issues
![Page 24: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/24.jpg)
24 | P a g e
ControlUp Analyzer User Guide September 2019
● KBs Applicable
● Security Compliance
● Best Practice Adoption
● Issues History
● Hosts with Most Issues
● My Systems
2.4.1.1 Analyze now button Click this button to initiate a scan and perform an analysis of all configuration data in your virtual
infrastructure. It is recommended that you enable and configure automated scheduled scans – see Automatic
scheduler (for more information about Analyze now button please check section 1.3.1 Connect to a System
and Analyze).
2.4.1.2 Configuration Issues by Severity The widget located at the top-left corner of the dashboard provides a quick summary on the number of
issues found in the environment, grouped by severity. In the All Systems view it provides the summary across
all Systems connected.
2.4.1.3 Configuration Issues by Layer The widget is located in the left side of the dashboard, below Configuration Issues by Severity. It provides a
quick summary of the number of issues found in the environment, grouped by layer and severity. Each
severity has a related icon ( - Critical, - Major, - Medium, - Low). In the All Systems view it
provides the summary across all vCenters connected.
2.4.1.4 Four Key-metric Badges ➢ Log Issues: Number of Knowledge Base related issues discovered in logs. In the All Systems view this
is the number of Knowledge Base related issues discovered across all Systems connected.
➢ KBs Applicable: Number of Knowledge Base related issues discovered in the Systems configuration.
The number of current issues found will be accompanied by an arrow representing the average of
the last five scans. Its direction will indicate a trend factoring the current value and average historical
values. The historical trending will also be displayed by a sparkline. In the All Systems view this is the
number of Knowledge Base related issues discovered across all Systems connected.
➢ Security Compliance: The level of security compliance based on all security checks performed as part
of the Security Hardening view. The compliance percentage will be accompanied by an arrow
representing the average of the last five scans. Its direction will indicate a trend factoring the current
value and average historical values. The historical trending will also be displayed by a sparkline. In
the All Systems view this is the level of security compliance across all vCenters connected.
➢ Best Practice Adoption: The level of Best Practice adoption, based on all best practices enabled as
part of the Best Practices view. The Best Practice percentage will be accompanied by an arrow
representing the average of the last five scans. Its direction will indicate a trend factoring the current
![Page 25: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/25.jpg)
25 | P a g e
ControlUp Analyzer User Guide September 2019
value and average historical values. The historical trending will also be displayed by a sparkline. In
the All Systems view this is the level of Best Practice adoption across all Systems connected.
2.4.1.5 Issues history The bar chart provides an overview of the issue count evolving over time.
If the Days view is selected, then each day will be represented by a bar along the x-axis. When hovering over
a bar, it will display the number of issues (this is also shown for each severity, represented with the
corresponding color) of the last scan during that day. Where no scans were performed during the day, the
bar color will be less vivid and on hover the message No analysis on this day will be shown.
If the Weeks view is selected, then each week will be represented by a bar along the x-axis. When hovering
over a bar, it will display the number of issues (this is also shown for each severity, represented with the
corresponding color) calculated as an average for the entire week. Where no scans were performed during
the entire week, the bar color will be less vivid and on hover the message No analysis on this week will be
shown.
2.4.1.6 Hosts with Most Issues A list displayed below the Issue History shows the hosts having the highest number of issues. The hosts
included in the analysis will depend which vCenter(s) are selected in the CONTEXT. The issue count will be
accompanied by corresponding severity icons.
2.4.1.7 My Systems / Analysis Detail At the bottom of the Dashboard more detailed information concerning Systems scan results is available.
When All Systems is selected in the CONTEXT, then a list of all Systems connected to ControlUp Analyzer will
be shown. The number of issues found in Logs, KBs and also the percentage for Security Compliance and Best
Practice Adoption are visible for each System row. Expanding any row will show further details about the
checks performed and objects analyzed. The “Analyze now” button is also available in each row providing a
quick way to trigger a scan for the selected System.
When a single System is selected in the CONTEXT, a Dashboard widget is shown at the bottom entitled
“Analysis Detail”. This will show further lower-level details for the System selected about the checks
performed and objects analyzed.
2.4.1.8 Generate Report button A PDF report will be generated reproducing the full dashboard overview (as displayed in the user interface).
This provides a colorful and graphical management report that includes the standard badges and statistics
showing the overall system health. Additionally, a list of the top 50 Issues is also included.
2.4.2 Inventory View Browse through your virtual infrastructure objects hierarchically using the Inventory feature. The number of
detected issues is shown alongside inventory objects in the tree-view shown. Click on an object to open a
detailed list of associated issues.
![Page 26: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/26.jpg)
26 | P a g e
ControlUp Analyzer User Guide September 2019
2.4.3 All Issues View This view combines all types of detected issues into a single chart and table – Configuration KB issues, Best
Practice, Security Hardening checks and Log KB issues. By default the list of current issues (at the last scan) is
displayed. This view is easy customized by using filters and/or selecting historical points in time.
At the top of the view, six dropdown buttons (vCenters, Severity, Source, Applies to, Affects, Products)
provide the possibility to filter the data displayed. The list of filters applied is shown directly under the
dropdown buttons. Filters are applied to the history chart and also to the list of results. Two other features
are found at the top-right. The Search bar gives the possibility to search for text in Title. The Export button
provides the option to export the Result table in different formats (.pdf, .csv). If selected, the option include
affected objects will output each affected object together with low-level results for their specific findings.
The history chart is provided to visualize issue levels or objects number over the time period shown. Use one
of the two buttons Objects/Issues to switch to the desired view. The time period can be selected by using the
calendar control. Each scan is represented using dots, which will display additional information (date/hour of
the scan and the number of issues found) when the user hovers over them.
If a specific point in time is selected when clicking on the selected date, this is confirmed with blue edges
being shown around the dots. This selection will modify the Results table and the issues found will be
relevant to the date selected. Remember that any dropdown filters selected will also affect the results based
on their selection.
A widget is shown on the right-hand side of the chart providing the count of Current Issues found during the
last scan. The number of issues displayed is affected by any filters applied from the dropdown buttons found
at the top of this page. This is also affected by any filters applied using the Ignore button within a specific
issue, or Filters applied in the Settings -> Filter page.
![Page 27: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/27.jpg)
27 | P a g e
ControlUp Analyzer User Guide September 2019
If the Results table has been modified to display issues from a specific date or selected using the chart and
point in time dots, just click on the Current Issues widget so that the table provides the current results.
An important feature allows you to understand changes between two consecutive scans. This is found on the
right-hand side of the Results table and is named Compare with previous result. Once you click on it, a
popup window will open showing a summary of changes.
[Note] If any filters have been applied using the drop-down buttons in the All Issues View, this will also be
applied to the popup and so will affect the Systems and issues displayed.
The time range for the comparison is shown at the top of the pop-up. The dates/hours refer to the points in
time when the scans being compared were triggered. You can navigate to Previous or Next to move between
consecutive scans and quickly show a comparison for the newly selected scans.
![Page 28: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/28.jpg)
28 | P a g e
ControlUp Analyzer User Guide September 2019
Summary offers an overview of new, resolved and total numbers of issues. It also shows the number of
Systems scanned.
Change Log will show the New issues found. Each one will display these attributes:
➢ Title of issue and severity (represented by the specific icon).
➢ The type of change is shown using one of the following statuses:
• New – the issue was not found in the previous scan.
• Resolved – the issue was present in the previous scan but it was not found in the next one.
• Partially resolved – the number of objects affected is less than in the previous scan.
• Increased – the number of objects affected is higher than in the previous scan.
➢ Number of objects affected by the issue.
➢ Issue detail – on click this will open an additional tab containing the full issue description.
➢ Activity table showing the objects affected by the changed status between two consecutive scans.
If there are no changes between two consecutive scans then just the total issues and Systems scanned
will be displayed.
[Note] To improve performance and reduce storage usage, historical data older than twelve months will be
displayed in a simplified view. The changes are reflected in the following areas:
• A historic issue’s results are no longer available for comparison with other results and the button
used for this action will be replaced with a Simplified Results label.
• The Findings tab within historic issues will no longer contain the affected objects and their values.
• When generating reports via the Export button, located in the top right corner of the screen, the
option to include the affected objects is not available anymore.
![Page 29: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/29.jpg)
29 | P a g e
ControlUp Analyzer User Guide September 2019
2.5 CONFIGURATION ANALYSIS This section includes several views of configuration issues that were detected from scanning the entire virtual
infrastructure and by analyzing the configuration settings. Each view provides the capability to Export (at the
top-right of the screen) the issues shown in the table. You also have the option to include affected objects
which will output each affected object and the objects’ findings values.
2.5.1 Config KBs Discovered This view lists all detected issues within the scanned virtual infrastructure that were derived from VMware
Knowledge Base articles.
2.5.2 Best Practices This view includes industry best practices related to VMware’s recommendations. Each best practice is
checked against the configuration items from the scanned virtual infrastructure. If a specific best practice is
followed for all related objects, the best practice item is marked as Pass. If it is not followed for at least one
of the affected objects, then it is marked as Fail. Expanding the best practice section will show details on
affected objects and provide the settings that do not align with the best practice.
2.5.3 Security Hardening This section contains security and compliance policies related to VMware’s guidelines, DISA STIG and PCI DSS.
2.5.3.1 VMware Guidelines The security rules displayed in this view are taken from the official VMware Security Hardening guides. Their
severity differs based on the type of security check:
• Low Severity: Security hardening that is intended for highly secure environments only.
• Medium Severity: Security hardening that relates to common environments.
• Major Severity: Security hardening that can relate to any environment and is related to a host or a
network configuration item.
Regardless of the original severity, some security rules may not be required for your organization’s security
policy. You might need to customize the displayed security checks by filtering those that are not included in
your organization’s security policy. For more information, see Filters.
Every security check can either Pass or Fail. In cases where there is at least one object in your infrastructure
that is not compliant with a specific security check, this check will be marked as Fail. The list of non-compliant
objects can be viewed in the details of the affected objects section.
2.5.3.2 DISA STIG 6 The security rules displayed in this view are taken from the official Information Assurance Support
Environment (IASE) website. Their severity differs based on the type of security check:
• Low Severity: Any vulnerability, the existence of which degrades measures to protect against loss of
Confidentiality, Availability, or Integrity.
![Page 30: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/30.jpg)
30 | P a g e
ControlUp Analyzer User Guide September 2019
• Medium Severity: Any vulnerability, the exploitation of which has a potential to result in loss of
Confidentiality, Availability, or Integrity.
• High Severity: Any vulnerability, the exploitation of which will directly and immediately result in loss
of Confidentiality, Availability, or Integrity.
Regardless of the original severity, some security rules may not be required for your organization’s security
policy. You might need to customize the displayed security checks by filtering those that are not included in
your organization’s security policy. For more information, see Filters.
Analysis results can display the following states:
• Fail: will be displayed where there is at least one object in your infrastructure that is not compliant
with a specific security check. The list of non-compliant objects can be viewed in the details of the
affected objects section. No Manual check is involved.
• Pass: will be displayed in case that no object is found to be non-compliant. No Manual check is
involved.
• Manual: An answer to Manual check is required.
• Fail (M): will be displayed where there is at least one object in your infrastructure that is not
compliant with a specific security check. The list of non-compliant objects can be viewed in the
details of the affected objects section. A Manual check is involved.
• Pass (M): will be displayed where no object is found to be non-compliant. A Manual check is
involved.
2.5.3.3 PCI DSS The requirements and controls cited in the profile are taken from PCI DSS v3.2.1 (May 2018). The milestones
displayed in this view are taken from the PCI DSS “Prioritized Approach”. The Prioritized Approach provides
six security milestones that help merchants and other organizations incrementally protect against the highest
risk factors and escalating threats while on the road to PCI DSS compliance. Milestones range from 1-6, with 1
being the highest priority and 6 being the lowest:
• 1 - Remove sensitive authentication data and limit data retention. This milestone targets a key area
of risk for entities that have been compromised.
• 2 - Protect the perimeter, internal, and wireless networks. This milestone targets controls for points
of access to most compromises – the network or a wireless access point.
• 3 - Secure payment card applications. This milestone targets controls for applications, application
processes, and application servers.
• 4 - Monitor and control access to your systems. Controls for this milestone allow you to detect the
who, what, when, and how concerning and who is accessing your network and cardholder data
environment.
• 5 - Protect stored cardholder data. For those organizations that have analyzed their business
processes and determined that they must store Primary Account Numbers, Milestone Five targets
key protections mechanisms for that stored data.
![Page 31: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/31.jpg)
31 | P a g e
ControlUp Analyzer User Guide September 2019
• 6 - Finalize remaining compliance efforts and ensure all controls are in place. The intent of Milestone
Six is to complete PCI DSS requirements and finalize all remaining related policies, procedures, and
processes needed to protect the cardholder data environment.
Regardless of the original severity, some security rules may not be required for your organization’s
interpretation of the security policy. You might need to customize the displayed security checks by filtering
those that are not required. For more information, see Filters.
PCI DSS contains two types of rules (Customizable and Non-customizable). The main difference between
them is that Customizable rules allows the user to change the parameters default values, used by the checks,
to the desired ones. Additional filter tab named Customizable can be used to quickly select one of the two
types. To change the default values, expand the rule marked as Customizable and navigate to Customize tab.
A short note describing the setting purpose and its default value is available. Click on the Add Custom Value
button, insert the custom value on the dedicated field and select an inventory object which will be evaluated
against new value. By selecting a parent object, the value will be propagated to its children. After pressing
the Save button you will be able to see a new line presenting the object in scope, the custom value, the user
name and the time when he updated the value. Multiple values can be added to different inventory objects.
A value set to children object will rewrite the value set on parent level. After customization is done don't
forget to Analyze the environment so the new values are taken into account. Each one of the customized
rules will be flagged with a C mark in the Result status column.
Every security check can either return a result of Fail or Configured. In cases where there is at least one
object in your infrastructure that is not compliant with a specific security check, this check will be marked as
Fail. The list of non-compliant objects can be viewed in the details of the affected objects section. A result of
Configured means there are no objects failing for the specific check, but this does not mean you are fully
compliant against the whole PCI DSS requirement or control.
2.5.3.4 HIPAA This profile relates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) published by
the Secretary of the U.S. Department of Health and Human Services (HHS).
Organizations (called “covered entities”) must put in place technical safeguards to secure individuals’
“electronic protected health information” (e-PHI). The profile lists relevant technical safeguards in the virtual
infrastructure that are automatically checked and compared against the requirements of the HIPAA Security
Standards for the Protection of Electronic Protected Health Information (the Security Rule).
Every security check can either return a result of Fail or Configured. In cases where there is at least one
object in your infrastructure that is not compliant with a specific security check, this check will be marked as
Fail. The list of non-compliant objects can be viewed in the details of the affected objects section. A result of
Configured means there are no objects failing for the specific check.
Regardless of the original severity, some security rules may not be required for your organization’s
interpretation of the security policy. You might need to customize the displayed security checks by filtering
those that are not required. For more information, see Filters.
![Page 32: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/32.jpg)
32 | P a g e
ControlUp Analyzer User Guide September 2019
2.5.4 HW Compatibility In this section the Analyzer shows you the compliance status of your hardware against VMware Hardware
Compatibility List (HCL). Keeping your vSphere hardware aligned with VMware HCL is critical for the health
and support of your virtual environment.
N.B. ESXi 6.0 and above are supported for this feature. Ensure you have the minimum required permissions
specified in System Requirements.
The feature is accessed by clicking the HW Compatibility button from the sidebar:
On selection, the Hardware Compatibility Overview screen will be shown in the main panel:
![Page 33: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/33.jpg)
33 | P a g e
ControlUp Analyzer User Guide September 2019
➢ On the left-hand side, the Action Panel contains two main components:
• The ESXi Compatibility Simulation component is offering the ability to show if your current
hardware would have compatibility with other ESXi versions available (6.0 and above), simulating
possible upgrade/downgrade based on the version selected. To enable the simulation turn on the
button located at its right-hand side. You can then choose the desired version from the revealed
drop-down list. Initiate the compatibility analysis by pressing the Simulate button. The results are
displayed on the right-hand side. The icons , or located before the ESXi Release indicate if
your selected ESXi version for simulation will be an upgrade or downgrade from the present version.
A detailed description of the right-hand side panel is described in the next paragraph.
• The Inventory Filter component provides an inventory tree, showing all vCenter Servers, and
includes nested Datacenters and Clusters (N.B. Hosts that are not part of any cluster are grouped
into an area entitled Standalone Hosts). This allows you to select appropriate objects as desired. By
default, all vCenters monitored by the Analyzer and their licensed hosts are displayed. If you want to
focus attention on specific Datacenter(s) or Cluster(s) you can tick the corresponding checkboxes
which will filter the view based on your selection.
➢ On the right-hand side of the main panel all Hosts are presented in a table offering a breakdown of
configuration and the compatibility evaluation. Cross-checks between the Host’s system Data and the
HCL industry knowledge will produce an overall state for the host (Compatible or Possibly
Incompatible ). In case of incompatibility, the parameter that contributed to this status will be
underlined by a red dotted line.
![Page 34: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/34.jpg)
34 | P a g e
ControlUp Analyzer User Guide September 2019
Optionally, you can switch between views of all Hosts or just those with issues by toggling the ON/OFF
button found in the top bar.
The option to export the report in .csv format is available by using the Export button.
For each Host, the name, inventory location, version and build number, model, CPU, BIOS and number of
I/O devices are each displayed in separate columns. By clicking on a row, an additional detail panel will
appear providing more data. If you want to see detail directly from the VMware HCL webpage you can
click on the button labelled HCL online which will open a new browser tab linked to the specific server
selected (if an internet connection is not available a message will be displayed).
The detail panel is divided into tabs:
• Server - contains a summary of the data retrieved from the ESXi host (Host Data) and data found in
the HCL (HCL Data) against multiple categories. Evaluation is done sequentially starting with Partner
data and continuing with Model, CPU series, down to BIOS. On a mismatch between Host Data and
HCL Data the evaluation process will stop, and a red exclamation symbol will be displayed to indicate
a possible incompatibility. The data also provides other known/supported options if these are
available from the HCL. Information collected from the Host will still be shown for all categories.
• I/O Devices – contains a list of all I/O devices present on the server selected. Compatibility states are
shown using a green (compatible) or red (possibly incompatible) symbol. For each device, specific
information about the PCI address and other technical IDs are shown. If you want to see the detail
on the VMware HCL webpage you can click on the button to open a new browser tab linked
specifically for the device.
![Page 35: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/35.jpg)
35 | P a g e
ControlUp Analyzer User Guide September 2019
To expand a specific device to view its detail, click on the name or symbol. You will be shown
evaluation results concerning the HCL Data. The evaluation sequence uses categories starting with
IDs, Brand Name, Model, Device Type and continuing with ESXi Release and Driver, Firmware. If
there is a mismatch between Host Data and HCL Data the evaluation will stop, showing a red symbol
to indicate a possible incompatibility. You will also be shown known/supported options if these are
available (information collected from the Host will still be shown for all categories).
• vSAN Devices – this tab will be available only when vSAN is configured. Contains two sections, one displaying the Controllers and the second one presenting information related to Disk Groups.
▪ Controllers - compatibility states are shown using a green (compatible) or red (possibly
incompatible) symbol. For each controller, specific information about name, type and other technical IDs are shown. If you want to see the detail on the VMware HCL webpage you can click on the button to open a new browser tab linked specifically for the device. To expand a specific device to view its detail, click on the name or symbol. You will be shown evaluation results concerning the HCL Data. The evaluation sequence uses categories starting with IDs, Brand Name, Model, Device Type and continuing with ESXi Release and vSAN Type, Driver, Firmware. If there is a mismatch between Host Data and HCL Data the evaluation will stop, showing a red symbol to indicate a possible incompatibility. You will also be shown known/supported options if these are available (information collected from the Host will still be shown for all categories).
![Page 36: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/36.jpg)
36 | P a g e
ControlUp Analyzer User Guide September 2019
▪ Disk Groups – are displayed without any compatibility evaluation and are providing informative data about each group and its disks.
![Page 37: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/37.jpg)
37 | P a g e
ControlUp Analyzer User Guide September 2019
On all detail tabs, the far right-hand side of each category contains a button showing a loud-speaker icon which appears on hover:
The button is available for both states – compatible or possibly incompatible and gives you the option to report an issue if a match was not made as expected, or a mismatch occurred. If an internet connection is available, clicking the loud-speaker icon will present a window showing the (anonymized) data collected. The button to send the data can then be used to submit. If an internet connection is not available, the window will provide steps to download the file and e-mail to the support team. We very much welcome any feedback.
![Page 38: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/38.jpg)
38 | P a g e
ControlUp Analyzer User Guide September 2019
2.6 LOG ANALYSIS This section contains views related to log analysis. It provides the log collection status and log issues detected
based on the correlation of log entries with KB articles. It also provides more general dashboards displaying
common error logs.
2.6.1 Log KBs Discovered ControlUp Analyzer continuously monitors the logs it receives and is searching for log patterns that are
described in various VMware KB articles. The Log KBs Discovered view displays a table of issues discovered in
the logs within a period of time. The time period is configurable at the top of the page.
It is our recommendation to attend to these issues as a matter of priority, because your environment is
already exhibiting symptoms of a particular known issue.
2.6.2 Log Inspector Along with the documented issues in VMware KBs, ControlUp Analyzer filters and tags common error
messages from the logs that may indicate a problem. The tagged log entries are represented in a historical
chart that can be examined by the administrator. A smaller navigation chart is located under the main log
chart. The navigation chart can be used to change the time range of the displayed logs.
Initially, the chart displays the occurrence frequency of log strings that could indicate a problem, such as
Unableto, CouldNot, FailedTo, Error, etc. Use the drop-down menu on the left-hand side of the search bar to
explore deeper the log messages for that string. Another graph appears that includes the most common
predicates containing the selected log string.
Select shell to see detailed chart and table listing the shell commands executed on the monitored ESXi hosts.
Use the search bar to filter for log entries based on their syslog-message field (case sensitive).
Use the magnifier icon next to Hostname and Program to filter for specific hostname or program.
Click on the colored square located on the left of Unableto, CouldNot and other predicates, to exclude the
respective log entries from the chart and table.
The filters you create will appear under the top search bar. Use the filter checkbox to enable/disable a filter
or use the red cross to remove it.
2.7 Definition Database This view shows current knowledge which is used to perform the configuration analysis – Knowledge Base
articles, Best Practice checks and Security Hardening checks. This view does not show the actual issues
detected in your environment, just the knowledge used for analysis.
2.8 Settings Page The ControlUp Analyzer settings icon (cog icon) is located on the right-hand side of the top navigation bar.
Use this page to configure connections to the virtual infrastructure, scheduled analysis, alerting, logs, filters,
licensing and ControlUp Analyzer appliance users.
![Page 39: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/39.jpg)
39 | P a g e
ControlUp Analyzer User Guide September 2019
2.8.1 Connections Within the Connections tab, you can specify the connection details for vCenter servers (and optionally, NSX
Managers) or Horizon Connection Servers in the environment that ControlUp Analyzer will analyze. Server
address, port number, username and password are mandatory fields. The account you specify should have
the minimum required permissions specified in System Requirements. To connect to multiple Systems, add
them one by one. For more details please check Connect to a System and analyze.
2.8.2 Automatic Scheduler You can configure automatic scheduling by clicking the Edit button. Once automatic scanning is selected, the
scanning frequency can be chosen. The Analyze now button can be used even when Automated scans are
scheduled.
2.8.3 Alerting The Alerting page can be used to enable email alerting. After each analysis, either manual or automatic, an
email containing a report of findings will be sent to the configured recipient(s). SMTP server and port, as well
as sender and recipient email addresses are mandatory fields. Multiple recipient email addresses separated by
a comma can be added (For example: [email protected], [email protected], [email protected]).
2.8.4 Log Analysis The Log Analysis page can be used to configure log retention and syslog settings for Hosts and VMs. For more
information – see 1.3.3 Configure Log Collection.
Use the Reload button, located on right-hand side of Syslog settings on the Hosts and VMs of configured
vCenters to re-fetch the current configuration from all vCenters. A timestamp will indicate when the last
fetch was triggered. Also, a re-fetch can be performed individually for each vCenter by clicking the specific
icon.
2.8.5 Security Compliance In this section you can choose which security profiles to use for your environment's security compliance.
By default, VMware Security Hardening Guide for vSphere is enabled and active. You can select additional
profiles if you need to adhere to other security standards.
2.8.6 User Profile The User Profile tab can be used to manage the Local user accounts or to connect ControlUp Analyzer to
Active Directory.
2.8.6.1 Local user The default local user that has access to the ControlUp Analyzer web interface is:
▪ username: rcuser
▪ password: ControlUp!
By default rcuser is granted with Admin role which cannot be changed. Click Edit user in the Actions column
in order to change the default password. N.B. rcuser is the only account which cannot be deleted.
![Page 40: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/40.jpg)
40 | P a g e
ControlUp Analyzer User Guide September 2019
An unlimited number of Local User accounts can be added. For each user, one of two roles can be selected:
Admin or Read-only.
The Admin role has no restrictions – it is able to manage the ControlUp Analyzer without any limitations. It
has also permission to create/remove other users with the exception of rcuser.
The Read-only role has restrictions - it is not able to change any settings or configuration and not able to scan
or create/remove other users. This role can Generate an API access token with read-only privileges.
2.8.6.2 Active Directory You can use Active Directory accounts to login to the ControlUp Analyzer web interface. Click Edit within the
Active Directory section and provide information about your Active Directory setup:
a. Active Directory (Enable/Disable)
b. Domain (for example company.com)
c. Domain Groups – any user/group in the specified domain group will get the specified
access (Admin or Read-only) to the ControlUp Analyzer web interface.
Optionally, you can configure advanced options by clicking on the Advanced options link:
d. Use SSL (Enable/Disable)
e. URL (the address and port of a domain controller, for example ldap://dc.company.com)
f. PORT number
g. Root DN (for example ou=test,dc=company,dc=local)
When an AD user is member of both Admin and Read-Only groups, as configured in ControlUp Analyzer, his
privilege level will be set to Admin.
[Note] Make sure that DNS is configured. The ControlUp Analyzer should be able to resolve the domain
controller name. Make sure that the group you specify for the Domain Group exists in your Active Directory
domain. The user MUST be able to read members of the group.
2.8.7 Filters Filters can be used to disable a combination of configuration items and issues from showing in the reports
and statistics. Without filters, ControlUp Analyzer will include all configuration items it has access to for all
possible issues and best practices. Typically, these are all inventory objects within vCenter and (optionally)
NSX Manager or Horizon Connection Server.
There are many use cases for using filters, for example:
• Some of the Security Hardening checks are not part of your specific security policy and you need to
exclude them from reports.
• You have several test ESXi hosts that you want to exclude from all reports, or perhaps you want to
see only Critical issues detected for those hosts.
![Page 41: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/41.jpg)
41 | P a g e
ControlUp Analyzer User Guide September 2019
Click Add Filter to create a new filter. A new filter called New Filter appears in the list. Expand New Filter and
edit its name and description. The filter configuration includes two hierarchical trees:
• The left-hand tree displays the vCenter (and optionally NSX) or Horizon Connection Server inventory
with all inventory objects underneath. Select which object this filter will apply to.
• The right-hand tree displays all possible issues organized by type (Knowledge Base, Best Practices,
Security Hardening) and severity (Low, Medium, Major, Critical). Select a group of issues the filter
will apply to.
Click Update once finished. The filter is applied to all views.
Click Export/Import button on the top right corner of the Filters view to Export and Import all filters. Choose
one of the following options:
• Export Filters exports all filters in a downloadable .dat file. This function will not export the inventory
objects specified in the filters. Once you import the filters, you would need to specify the objects this
filter applies to.
• Export Filters including objects exports all filters and objects they apply to in a downloadable .dat
file. This function can be used in case you plan to import the filters to a ControlUp Analyzer appliance
that is connected to the exact same System.
• Import Filters imports filters from a .dat file. Filters have an OFF status once imported. N.B. In the
case where the .dat file contains inventory objects, they will be added to the filters only if the System
object ID and other object IDs match.
2.8.8 Licenses In this tab you can add and assign a valid license to your hosts. For more information – see 1.3.2 Licensing
ControlUp Analyzer.
2.8.9 Update Within this tab the update status of ControlUp Analyzer is shown. It is divided into two parts, Application and
Knowledge Definition.
• Application (full appliance consisting of updates to the OS, component, application, and also
database definitions like KB, BP, SH, etc): The version of the ControlUp appliance currently deployed
is displayed. This view differs based on the online/offline update state of the appliance:
• If the appliance has an internet connection (online) then the application will check if there are
any updates available. It will display one of two states: Up to date or Update available. If the
status is Update available, you can perform manually the update by accessing the ControlUp
Analyzer Console Interface (check Note) and navigate to the Update section. Otherwise
ControlUp Analyzer will automatically apply the updates during the night.
• If the appliance doesn’t have an internet connection (offline) then the status You are offline is
displayed together with a link to the Customer portal. When accessing the portal through an
internet connected device, expanding the Offline updates provides access to an .ISO file.
![Page 42: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/42.jpg)
42 | P a g e
ControlUp Analyzer User Guide September 2019
Download the file from https://updates.runecast.com/runecast-analyzer-vmware/rcupdate.iso
and attach it to you ControlUp Analyzer VM. You can perform manually the update by accessing
ControlUp Analyzer Console Interface and navigate to the Update section.
[Note] To access the ControlUp Analyzer Console Interface open ControlUp Analyzer VM console and press
F1 key to login. Check section ControlUp Analyzer Console Interface for additional details.
• Knowledge Definition (contains only data definition updates for knowledge such as KBs, BPs, SH,
etc.): The last update release date is displayed. The view differs based on the online/offline state of
the appliance:
• If the appliance has an internet connection (online) then the application will check if there are
any updates available. It will display one of the following two states: Up to date or Update now.
• If the appliance doesn’t have internet connection (offline) then You are offline is displayed
together with a link to the Customer portal. When accessing the portal through an internet
connected device, expanding the Offline updates provides access to the .bin file. To perform an
update, Download the file and then import it into the appliance using the Choose File button.
[Note] Online application and knowledge definition updates require access to https://updates.runecast.com
2.8.10 API Access tokens ControlUp Analyzer offers a full REST API for custom integration, configuration and reporting.
In order to use the API, an access token is required. The token can be generated in the graphical interface of
the ControlUp Analyzer or by sending a POST request to /api/v1/users/local/{username}/tokens
Once generated, the access token needs to be included in the Authorization header of each request. For
example, to retrieve data about the vCenters registered in your ControlUp Analyzer appliance, you can use a
call similar to:
curl -H "Authorization: your_token_here" -X GET https://appliance_IP/rc2/api/v1/vcenters
The API reference documentation can be accessed by clicking the API link.
2.9 Tool Tips Click on the question mark on the right-hand side of the top navigation bar to enable/disable tool tips. Once
enabled, question mark icons will appear next to some of the main interface elements. If you hover over an
icon you will see a help tip to describe the respective item.
![Page 43: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/43.jpg)
43 | P a g e
ControlUp Analyzer User Guide September 2019
2.10 About ControlUp Analyzer General information are displayed, such as current version and contact information. If troubleshooting of
ControlUp Analyzer is required, you can download a support bundle which contains configuration setting and
logs of ControlUp Analyzer and send it to email: [email protected] .
![Page 44: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/44.jpg)
44 | P a g e
ControlUp Analyzer User Guide September 2019
3 ControlUp Analyzer Console Interface Configuration changes to ControlUp Analyzer appliance can be perform through the ControlUp Analyzer
Console Interface. You can re-configure network settings, change the administrative user password and
perform updates.
To access the ControlUp Analyzer Console Interface, select the ControlUp Analyzer VM and use the vSphere
client to open a console from within the Summary tab. Within the console, use the F1 key to login. The
default credentials are:
• Username: rcadmin
• Password: admin
Once logged in you will find the following options:
➢ Network Settings: control the network configuration of the appliance. If DHCP is required set its
value to true.
➢ User Settings: administrative user password can be changed in this section.
➢ Remote Access: control the SSH service status (Enable/Disable).
➢ Updates: ControlUp Analyzer can be updated in both Online and Offline mode. The appliance checks
for updates every night and applies them automatically if there are available.
• Online – updates are installed from the online repository.
• Offline – updates are installed from an offline update bundle (.iso file) by attaching it to the
ControlUp Analyzer VM’s CD/DVD drive and ensuring it is connected. You can download the
latest .iso here: https://updates.runecast.com/runecast-analyzer-vmware/rcupdate.iso.
The Check for update and install button will check and apply updates from the selected repository.
➢ Logout: ends the current user session and returns to previous menu.
![Page 45: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/45.jpg)
45 | P a g e
ControlUp Analyzer User Guide September 2019
4 Advanced Configuration This section includes the advanced configuration settings of ControlUp Analyzer and may require console
access to the virtual appliance. ControlUp Analyzer runs in a virtual appliance running Ubuntu OS. For
security purposes, SSH is disabled by default. You will need to use your vSphere Web Client to navigate to the
ControlUp Analyzer VM and open the VM console.
4.1 How to change the rcadmin password To change the rcadmin password follow the steps below:
1. Open the ControlUp Analyzer appliance console
2. Press F1 and login with rcadmin user (default password: admin)
3. Navigate to User Settings and press Enter
4. Set new password and confirm.
4.2 How to replace the self-signed SSL certificate By default, the connection to the ControlUp Analyzer web interface is encrypted using a self-signed SSL
certificate. In case your company policy requires CA signed certificates, you can replace the default one
following the steps below:
1. If SSH is already Enabled on ControlUp Analyzer, please continue with step 7
2. Open the ControlUp Analyzer appliance console
3. Login with rcadmin user (default password: admin)
4. Navigate to Remote Access and press Enter
5. Select Enable SSH and press Enter
6. Navigate to Logout and press Enter to return to previous menu
7. Initiate SSH session to ControlUp Analyzer
8. Login with rcadmin user (default password: admin)
9. In the directory /etc/runecast/cert, rename the existing certificates:
sudo mv rc2.crt orig.rc2.crt
sudo mv rc2.key orig.rc2.key
10. Copy the new certificate and key to /etc/runecast/cert.
• from the appliance initiate file transfer:
sudo scp username@remoteHost:/location/your-file.crt /etc/runecast/cert/your-file.crt
sudo scp username@remoteHost:/location/your-file.key /etc/runecast/cert/your-file.key
• As an alternative you can copy the certificate files to ControlUp Analyzer using SCP client. Is this
case, you will not be able to upload them directly to /etc/runecast/cert/ directory. Initially, they
can be placed in the /tmp directory and then moved with elevated privileges.
sudo mv /tmp/your-file.crt /etc/runecast/cert/your-file.crt
![Page 46: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/46.jpg)
46 | P a g e
ControlUp Analyzer User Guide September 2019
sudo mv /tmp/your-file.key /etc/runecast/cert/your-file.key
11. In the directory /etc/runecast/cert rename the new certificate and key to rc2.crt and rc2.key
sudo mv your-file.crt rc2.crt
sudo mv your-file.key rc2.key
12. The copy process of the certificate files to ControlUp Analyzer may not assign the proper
permissions. Please review them by using the following command:
ls -la /etc/runecast/cert/
13. If the permissions on your new certificate files are not root:rctomcat run the commands below:
sudo chown root:rctomcat cert-file.crt
sudo chown root:rctomcat key-file.key
sudo chmod 640 cert-file.crt
sudo chmod 640 key-file.key
14. If your key is password-protected (recommended) add rc2.key password into
etc/rctomcat9/server.xml using following commands:
sudo nano /etc/rctomcat9/server.xml
SSLCertificateFile="/etc/runecast/cert/rc2.crt"
SSLCertificateKeyFile="/etc/runecast/cert/rc2.key"
SSLPassword="key_password"
15. Restart the appliance after you install the new certificate
[Note] ControlUp Analyzer supports X.509 certificates to encrypt session information sent over SSL
connection.
4.3 How to Use with Proxy Server ControlUp Analyzer can be configured to use a proxy server facilitating external connectivity. To achieve this,
follow one of the two methods described below.
Method 1 - Proxy configuration using script:
1. If SSH is already Enabled on ControlUp Analyzer, please continue with step 7
2. Open the ControlUp Analyzer appliance console
3. Login with rcadmin user (default password: admin)
4. Navigate to Remote Access and press Enter
![Page 47: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/47.jpg)
47 | P a g e
ControlUp Analyzer User Guide September 2019
5. Select Enable SSH and press Enter
6. Navigate to Logout and press Enter to return to previous menu
7. Initiate SSH session to ControlUp Analyzer
8. Login with rcadmin user (default password: admin)
9. Run the rcproxy.sh script:
sudo /opt/runecast/scripts/rcproxy.sh
10. Follow the instructions on the screen
Method 2 - Proxy configuration using REST API.
You can configure proxy via the REST API. One convenient way to do it is via the built-in API browser:
• Navigate to Settings -> API Access tokens.
• Access the API reference link and expand the Configuration list. Select the desired method (PUT, GET,
DELETE) for /api/v1/config/system/proxy
• To configure the proxy you need to provide proxy server address, port, user and password.
Sample:
{
"authenticated": true,
"configured": true,
"password": "password",
"port": 3128,
"server": "proxy.example.com",
"user": "user"
}
4.4 How to disable the session timeout for the web interface of ControlUp Analyzer
The web interface of ControlUp Analyzer has a default session timeout value of 15 minutes. For security
reasons, it is advised to keep the default. To disable the session timeout, follow the steps below:
1. If SSH is already Enabled on ControlUp Analyzer, please continue with step 7
2. Open the ControlUp Analyzer appliance console
3. Login with rcadmin user (default password: admin)
4. Navigate to Remote Access and press Enter
5. Select Enable SSH and press Enter
6. Navigate to Logout and press Enter to return to previous menu
7. Initiate SSH session to ControlUp Analyzer
8. Login with rcadmin user (default password: admin)
9. Edit /etc/runecast/runecast.ini and uncomment the following line and set also the desired value
(true / false):
session_expires=false
![Page 48: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/48.jpg)
48 | P a g e
ControlUp Analyzer User Guide September 2019
10. Restart the Tomcat service:
sudo systemctl restart rctomcat9
[Note] Alternatively, you can reboot the appliance, instead of restarting the Tomcat service.
4.5 How to change vCenter heartbeat period configuration of ControlUp Analyzer
Every minute a heartbeat request is sent to each vCenter to check if connection is still available. If the
vCenter connection becomes unavailable for any reason it will be reported. The heartbeat is required to
determine which vCenters are available for licensing, to show current status and is need also for syslog
configuration. If you find the heartbeat to be occurring too frequently you can modify the interval of time to
desired value. To change vCenter heartbeat period, follow the steps below:
1. If SSH is already Enabled on ControlUp Analyzer, please continue with step 7
2. Open the ControlUp Analyzer appliance console
3. Login with rcadmin user (default password: admin)
4. Navigate to Remote Access and press Enter
5. Select Enable SSH and press Enter
6. Navigate to Logout and press Enter to return to previous menu
7. Initiate SSH session to ControlUp Analyzer
8. Login with rcadmin user (default password: admin)
9. Edit /etc/runecast/runecast.ini and uncomment the following line and set also the desired value
(value is limited to interval 1-30):
#hb_minutes=1
10. Restart the Tomcat service:
sudo systemctl restart rctomcat9
[Note] Alternatively, you can reboot the appliance, instead of restarting the Tomcat service.
4.6 How to change ControlUp Analyzer network configuration
Network configuration can be set during .ova deployment. If later changes are needed, they can be
performed following one of the next steps:
1. From vApp Options
• Shut down the ControlUp Analyzer appliance VM
• Using the vSphere Web Client, right click on the VM and select Edit Settings
• From the newly opened window select vApp Options
• Expand Networking properties and edit the DNS field to the desired value
![Page 49: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/49.jpg)
49 | P a g e
ControlUp Analyzer User Guide September 2019
• Confirm the changes by clicking OK button on the Edit Settings window
• Power On the ControlUp Analyzer VM
2. From ControlUp Console Interface
• Open the ControlUp Analyzer appliance console
• Login with rcadmin user (default password: admin)
• Navigate to Network Settings and configure the parameters as desired. If DHCP is required set
its value to true
[Note] Once the network properties are reconfigured through the ControlUp Console Interface the network
configuration is marked as Internally managed and further changes via vApp Options will be discarded.
4.7 How to change address of Knowledge updates via config file
To create your own repository and use it as download location for Knowledge updates follow the steps
below:
1. If SSH is already Enabled on ControlUp Analyzer, please continue with step 7
2. Open the ControlUp Analyzer appliance console
3. Login with rcadmin user (default password: admin)
4. Navigate to Remote Access and press Enter
5. Select Enable SSH and press Enter
6. Navigate to Logout and press Enter to return to previous menu
7. Initiate SSH session to ControlUp Analyzer
8. Login with rcadmin user (default password: admin)
9. Create/Edit runecast.ini at /etc/runecast and add the following lines:
updates_url=https://your_repository_IP/
updates_file_version=version.txt
updates_file_updates=kbupdates.bin
Both files version.txt and kbupdates.bin should be placed in your repository.
• version.txt – requires the following format (example): appversion=1.8.0.0
defversion=1.7.7.0
defdate=2018-06-13
appdate=2018-06-25
• kbupdates.bin – can be downloaded from your profile
[Note] If the files are not properly configured the updates will behave as in offline mode.
10. Restart the Tomcat service:
sudo systemctl restart rctomcat9
![Page 50: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/50.jpg)
50 | P a g e
ControlUp Analyzer User Guide September 2019
4.8 How to enforce support of TLSv1.2 protocol By default ControlUp Analyzer supports following TLS protocols: TLSv1, TLSv1.1 and TLSv1.2
In case you require TLSv1.2 only, please verify your VMware infrastructure against the KB:
https://kb.vmware.com/s/article/2148819
If your VMware infrastructure fully support TLSv1.2, you can disable TLSv1 and TLSv1.1 in ControlUp Analyzer
using following steps:
1. If SSH is already Enabled on ControlUp Analyzer, please continue with step 7
2. Open the ControlUp Analyzer appliance console
3. Login with rcadmin user (default password: admin)
4. Navigate to Remote Access and press Enter
5. Select Enable SSH and press Enter
6. Navigate to Logout and press Enter to return to previous menu
7. Initiate SSH session to ControlUp Analyzer
8. Login with rcadmin user (default password: admin)
9. Modify /etc/rctomcat9/server.xml as follows:
replace SSLProtocol="all" with SSLProtocol="TLSv1.2"
10. Restart the Tomcat service:
sudo systemctl restart rctomcat9
After these actions ControlUp Analyzer will accept only TLSv1.2 connections.
4.9 How to configure remote audit logging For security purposes you can enable ControlUp Analyzer audit logging. These additional log messages
contain information about the user interaction with ControlUp Analyzer such as sign in, sign out, filter
creation and more.
You can configure audit login via the REST API. One convenient way to do it is via the built-in API browser:
• Navigate to Settings -> API Access tokens.
• Access the API reference link and expand the Configuration list. Select the desired method (PUT, GET,
DELETE) for /api/v1/config/system/audit/syslog
• To configure the remote audit logging you need to provide syslog server address, port and protocol
type .
Sample:
{
"host": "10.0.0.1",
"port": 514,
"protocol": "UDP"
}
[Note] Once a remote syslog server is configured the logs are also available locally on the appliance.
![Page 51: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/51.jpg)
51 | P a g e
ControlUp Analyzer User Guide September 2019
5 ControlUp Analyzer vSphere Web Client Plug-in The ControlUp Analyzer Plug-in is compatible with both Flex and HTML5 versions of vSphere Web Client. The
current version of the plug-in displays results triggered from ControlUp Analyzer. Future releases of the plug-
in will include even more integration, allowing you to perform additional actions directly from the plug-in's
interface.
Prerequisites:
• ControlUp Analyzer 1.6.3.0 .
• vCenter Server 6.0 and later versions.
5.1 Registering the plug-in with vCenter server ControlUp Analyzer Web Client plug-in is deployed directly from ControlUp Analyzer appliance. The steps
required for initial registration or update of the plug-in are provided below:
1. Log in to ControlUp Analyzer
2. Navigate to Settings > vCenter Connection
3. For each added vCenter Server there is a Web Client plug-in section. Depending on the current
status, the plug-in can be either Not installed, Installed (Update available) or Installed.
4. By expanding the Action button from the right side, you can choose the one of the available options.
Follow the instructions in the pop-up window. It provides the option to initiate the registration or
update process directly from ControlUp Analyzer or to download a customized PowerCLI script
5.2 Plug-in Configuration After registration, please login to vSphere Web Client, navigate to Administration section and select Settings
under Runecast: Software-Defined Expertise.
Provide the FQDN or IP address of ControlUp Analyzer and provide an API Access Token, then update settings
using the dedicated button.
[Note] In order to use the plug-in from both Flex and HTML5 versions of vSphere Web Client, configuration
should be performed on each of them.
5.3 Working with the ControlUp Analyzer plug-in The plug-in introduces an additional tab named Runecast under the Monitor section of each inventory object
(e.g. Host, VM, port group). The issues grid will show all issues related to the object along with their relevant
finding values. It will also show detail directly in the interface (such as the relevant VMware KB article).
A view showing all issues for the inventory can be obtained from the main page of the plug-in. From the Flex
Web Client the Runecast icon is accessible from the Home screen and on HTML5 Web Client it is located
under Menu.
![Page 52: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/52.jpg)
52 | P a g e
ControlUp Analyzer User Guide September 2019
5.4 Unregistering the extension from vCenter Server and cleaning up its files
Unregistering the extension from vCenter Server stops it from being active in the Web Client, but does not
clean up its files. This is because of a known VMware limitation.
To unregister the plug-in run the following script:
Write-Host '' Write-Host "Please enter vCenter Server address and login credentials" Write-Host '' ###Setting up### $vcenter = Read-Host 'vCenter Server address' $user = Read-Host 'Username' $pswd = Read-Host 'Password' -AsSecureString $creds = New-Object System.Management.Automation.PSCredential($user,$pswd) Set-PowerCLIConfiguration -InvalidCertificateAction Prompt -Scope Session -Confirm:$false | Out-Null #Connect to vCenter Write-Host "Connecting to $vcenter..." -ForegroundColor yellow $vc = Connect-VIServer -Server $vcenter -Credential $creds if (!$vc) { Write-Host "Connection to $vcenter failed" -ForegroundColor red } else { Write-Host "Successfully connected to $vcenter" Write-Host "Runecast Web Client plugin is about to be unregistered from $vcenter" -ForegroundColor yellow do { Write-Host "Do you want to continue? (y/n): " -ForegroundColor yellow -NoNewline $answer = Read-Host } until (($answer -eq 'y') -Or ($answer -eq 'Y') -Or ($answer -eq 'n') -Or ($answer -eq 'N')) if (($answer -eq 'y') -Or ($answer -eq 'Y')) { Write-Host 'Unregistering Runecast plugin...' -ForegroundColor yellow $em = Get-View ExtensionManager try { $em.UnRegisterExtension("biz.runecast.rc2plugin") Write-Host 'Runecast plugin unregistered. Please, log out and log back in to vSphere Web Client' } catch { Write-Host $_.Exception.Message -ForegroundColor red } } #Disconnect from vCenter Write-Host "Disconnecting from $vcenter..." -ForegroundColor yellow Disconnect-VIServer -Server $vc -Confirm:$false } To clean up the files, and completely remove the plug-in, follow the steps below:
1. Stop vSphere Web Client service(s). For flex, stop the vsphere-client process and for HTML5, stop the
vsphere-ui process.
2. Directory clean up
• For Windows based vCenter Server navigate to:
![Page 53: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/53.jpg)
53 | P a g e
ControlUp Analyzer User Guide September 2019
For version 6.0:
%VMWARE_CFG_DIR%\vsphere-client\vc-packages\vsphere-client-serenity and remove the
biz.runecast.* folder
%VMWARE_DATA_DIR%\vspherewebclientsvc\ and remove the runecast folder
For version 6.5 and later:
%VMWARE_CFG_DIR%\vsphere-client\vc-packages\vsphere-client-serenity and remove the
biz.runecast.* folder
%VMWARE_DATA_DIR%\vsphere-ui\ and remove the runecast folder
• For VCSA navigate to:
For version 6.0:
/etc/vmware/vsphere-client/vc-packages/vsphere-client-serenity and remove the
biz.runecast.* folder
$VMWARE_DATA_DIR/vsphere-client and remove the runecast folder
For version 6.5 and later:
/etc/vmware/vsphere-client/vc-packages/vsphere-client-serenity and remove the
biz.runecast.* folder
/etc/vmware/vsphere-ui/vc-packages/vsphere-client-serenity and remove the biz.runecast.*
folder
$VMWARE_DATA_DIR/vsphere-client and remove the runecast folder
$VMWARE_DATA_DIR/vsphere-ui and remove the runecast folder
3. Start vSphere Web Client service(s). For flex, start the vsphere-client process and for HTML5, start
the vsphere-ui process.
![Page 54: Runecast User Guide - ControlUp](https://reader034.vdocument.in/reader034/viewer/2022051204/627847ae55c73471d00c07c0/html5/thumbnails/54.jpg)
54 | P a g e
ControlUp Analyzer User Guide September 2019
Thank you for using ControlUp Analyzer!